A Toyota security breach has hit the company for the third time in two months. In February, the company disclosed that Toyota Australia had been hit with an attempted cyber-attack while Toyota Japan’s main offices and Toyota Vietnam were hit this past week.
While the first attempt didn’t result in the successful access of customer or employee information, Toyota is admitting that the servers hacked in the Toyota Japan incident store the records of up to 3.1 million customers.
Some of the Toyota Japan subsidiaries that may have been accessed as a result include Toyota Tokyo Sales Holdings, Tokyo Tokyo Motor, Tokyo Toyopet, Toyota Tokyo Corolla, Nets Toyota Tokyo, Lexus Koishikawa Sales, Jamil Shoji (Lexus Nerima), and Toyota West Tokyo Corolla. Toyota headquarters have still yet to determine exactly what information has been accessed. They did note, however, that financial information was not stored on those servers.
“We apologize to everyone who has been using Toyota and Lexus vehicles for the great concern. We take this situation seriously, and will thoroughly implement information security measures at dealers and the entire Toyota Group.”Toyota spokesperson
Details of the Toyota Vietnam breach haven’t been released but, as reported by ZDNet, it seems as if the organization behind the attacks is a Vietnamese cyber-espionage unit with a known focus on the automotive industry called APT32 (OceanLotus).
While Toyota says no financial information was stored on the affected servers, it is likely other personal information like names, addresses, and email addresses of customers may have been compromised. As such, those in affected countries should take extra care when receiving emails from Toyota in case they’ve been spoofed. On that note, in general, you should always be weary of company generated emails, especially those that ask you to click to verify or fill out forms to verify your personal information and passwords.
Last Updated on February 3, 2021.